Microsoft Sentinel is a cloud-native Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) solution. Sentinel collects telemetry, security detections, and threat context from multiple products into one cloud location, and performs detection and analytics on that combined content from across the enterprise. In Cisco XDR, we enable Microsoft Sentinel users to include Cisco XDR incidents in that body of data, and to use Microsoft Sentinel in custom Automation routines in Cisco XDR.

When you add the Microsoft Sentinel integration into Cisco XDR, it enables Sentinel usage in Cisco XDR Automation for out-of-box and custom workflows including the ability to export Cisco XDR Incidents into Sentinel for seamless visibility spanning both products.

This integration is a part of other Microsoft integrations (Microsoft Defender for Office 365 and Microsoft Defender for Endpoint). This integration focuses on enterprise-wide security analytics, threat intelligence, and SIEM/SOAR capabilities.

Microsoft Sentinel

prod-nam

prod-eu

prod-apjc

Microsoft Cloud integrations allow Cisco XDR users to leverage several Microsoft products that make use of the Microsoft Cloud APIs. This combined integration allows you to manage and maintain one set of Microsoft cloud credentials across many individual product integrations between Cisco XDR and Microsoft products. Add your Microsoft cloud credentials and then add a minimum of one of the following Microsoft security applications that you want to configure to use those credentials:

* **Microsoft Defender for Office 365** - Microsoft Defender for Office 365 is a cloud-based email filtering service that helps protect your organization against advanced threats delivered via email and collaboration tools, like phishing, business email compromise, and malware attacks. In Cisco XDR, we enable Defender for Office 365 users to include Defender for Office365 detections in overal incident detection, and leverage email intelligence and detections while performing incident investigations and threat hunting.

   Integration with Microsoft Defender for Office365 allows you to incorporate Microsoft Defender for Office365 detections into XDR's overall incident detection and correlation capabilities. Use the Microsoft Defender for Office 365 integration to search for security detections and associated indicators, reputations, and references, involving specified email addresses, URLs, email subjects, message IDs, IPs, domains, or file hashes. It also creates a target automatically in Automation for out-of-box workflows.

* **Microsoft Defender for Endpoint** - Microsoft Defender for Endpoint is an Endpoint Detection and Response (EDR) offering. Microsoft Defender for Endpoint security events can generate and contribute to correlated incidents in Cisco XDR. In Cisco XDR, we enable Defender for Endpoint users to leverage it for incident detection functions, threat hunting and investigation features, rapid response actions to understand and defend against threats on the endpoint, and providing important device inventory context to help triage detected threats.
    
    Integration with Microsoft Defender for Endpoint allows you to incorporate Microsoft Defender for Endpoint detections into XDR's overall incident detection and correlation capabilities. Use the Defender for Endpoints integration to search for security detections involving specific hostnames, machine IDs, IPs, and file hashes. Defender for Endpoints can be used through Cisco XDR to isolate hosts from the network and block many types of observables, including file hashes, network resources (such as IP addresses, domains, and URLs), and certificates. This integration can be used to provide host information, including vulnerability information for use in triaging incidents and detections. It creates a target automatically in Automation for out-of-box workflows and it provides important device inventory context to help triage detected threats.

* **Microsoft Sentinel** - Microsoft Sentinel is a cloud-native Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) solution. Sentinel collects telemetry, security detections, and threat context from multiple products into one cloud location, and performs detection and analytics on that combined content from across the enterprise. In Cisco XDR, we enable Microsoft Sentinel users to include Cisco XDR incidents in that body of data, and to use Microsoft Sentinel in custom Automation routines in Cisco XDR.

   When you add the Microsoft Sentinel integration into Cisco XDR, it enables Sentinel usage in Cisco XDR Automation for out-of-box and custom workflows including the ability to export Cisco XDR Incidents into Sentinel for seamless visibility spanning both products.

The Microsoft Cloud integration allows you to enable integrations with Microsoft cloud applications:
* Microsoft Defender for Office 365
* Microsoft Defender for Endpoint
* Microsoft Sentinel